A group of companies including Google, Akamai, Oracle and Cloudflare has dismantled an Android botnet following a joint investigation into a malicious network made up mostly of Android devices.

This botnet – called WireX – started attacking several Content Delivery Networks (CDNs) and content providers.

Android botnet

According to the companies working together, the Android botnet consisted of a minimum of 70,000 unique devices, with a possible maximum of around 120,000 unique IP addresses. The botnet had been attacking targets since the start of August, but the much larger attack on the 17th of August piqued the interest of the companies involved and effectively started the investigation into the sizable botnet.

WireX malware

According to this research, the so-called WireX malware was distributed via a number of websites, including those owned by Google and found in the Play Store. Android devices were mostly infected by shady ringtone apps found in the Google Play Store which had the WireX malware included in their data. Infected devices were traced to over 100 countries around the world. As soon as a device was infected, it started attacking multiple targeted websites by way of a DDoS attack. To combat the infection, Google has removed over 300 infected apps from its Play Store and is looking for a solution to clean already infected Android devices.